Search CVE reports
81 – 90 of 267 results
CVE-2017-3735
Low priorityWhile parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
| openssl1.0 | — | — | — | Not affected | Not in release |
CVE-2017-3733
High priorityDuring a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 before 1.1.0e to crash (dependent on ciphersuite). Both...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Not affected |
| openssl098 | — | — | — | — | Not in release |
CVE-2017-3730
Medium priorityIn OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Not affected |
| openssl098 | — | — | — | — | Not in release |
CVE-2016-7054
Medium priorityIn OpenSSL 1.1.0 before 1.1.0c, TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Not affected |
| openssl098 | — | — | — | — | Not in release |
| openssl1.0 | — | — | — | — | Not in release |
CVE-2016-7053
Medium priorityIn OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS structures can crash with a NULL pointer dereference. This is caused by a bug in the handling of the ASN.1 CHOICE type in OpenSSL 1.1.0 which can result in a NULL...
3 affected packages
openssl, openssl098, openssl1.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Not affected |
| openssl098 | — | — | — | — | Not in release |
| openssl1.0 | — | — | — | — | Not in release |
CVE-2017-3732
Medium priorityThere is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Fixed |
| openssl098 | — | — | — | — | Not in release |
CVE-2017-3731
Medium prioritySome fixes available 9 of 10
If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2016-7056
Medium prioritySome fixes available 2 of 3
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | Not affected | Not affected |
| openssl098 | — | — | — | Not in release | Not in release |
CVE-2016-7055
Low priorityThere is a carry propagating bug in the Broadwell-specific Montgomery multiplication procedure in OpenSSL 1.0.2 and 1.1.0 before 1.1.0c that handles input lengths divisible by, but longer than 256 bits. Analysis suggests that...
2 affected packages
openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| openssl | — | — | — | — | Fixed |
| openssl098 | — | — | — | — | Not in release |
CVE-2016-8610
Low prioritySome fixes available 13 of 15
A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 through 1.0.2h, and 1.1.0 in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw...
4 affected packages
gnutls26, gnutls28, openssl, openssl098
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| gnutls26 | — | — | — | Not in release | Not in release |
| gnutls28 | — | — | — | Not affected | Fixed |
| openssl | — | — | — | Fixed | Fixed |
| openssl098 | — | — | — | Not in release | Not in release |